Welcome to the third blog in a series of blogs discussing phishing and social engineering – and ways of protecting yourself from hackers. Today, we’ll be discussing how to analyze links, and more importantly, while it’s important to be able to analyze a link, why it’s more important to understand emotion to prevent a hackers success in breaching you.
Bullet Point Summary
- Which of the below are legitimate links / websites?
- http://microsoft.com/file.txt Legitimate
- http://secure-microsoft.com/file.txt Not Legitimate
- https://secure.microsoft.com/file.txt Legitimate
- http://microsoft.com/secure/file.txt Legitimate
- http://rnicrosoft.com/file.txt Not Legitimate
- http://microsoft-securitycenter.com Not Legitimate
- It’s hard to analyze web links even when we’re thinking critically
- It’s even harder to analyze web links when we’re not thinking critically – when we’re feeling emotion or if we’re rushed.
- Remember, emotion will reduce your ability to think critically and cause mistakes. Understand yourself and learn to recognize the warning signs or when you’re feeling emotion based on an email.
Recap
In our last blog, we described one of most important steps that you can take to prevent being a victim of a phishing attack, recognizing emotion. Remember, outside of spear phishing, which is a topic that we’ll talk about in a later blog, emotion is at the heart of all phishing attacks. Emotion reduces your ability to think critically, which in turn causes mistakes.
Link Analysis
Let’s analyze the below links and see which ones are legitimate and which ones aren’t.
- http://microsoft.com/file.txt Legitimate
- This is a legitimate link. If you’ll notice, the microsoft.com is the base portion of the link, which is legitimate. The file.txt simply specifies a file on the Microsoft.com domain.
- http://secure-microsoft.com/file.txt Not Legitimate
- This is not a legitimate link. Notice the “–” symbol within the link “secure–microsoft.com”. This indicates that this is a wholly different link. If you were to go out to GoDaddy or any web hosting site, you would be able to reserve something similar (e.g., xyz-microsoft.com, microsoft-abc.com). It could be owned by Microsoft, and it potentially might not be owned by Microsoft.
- https://secure.microsoft.com/file.txt Legitimate
- In the above example, the “–” symbol was used. In this example, we’re seeing the dot “.” symbol. The dot “.” symbol use before the main part of a web link (the domain) indicates a concept known as sub domains. Since Microsoft owns the domain microsoft.com, only Microsoft would be able to create a sub domain under this domain. If the domain is legitimate, then the sub domain is legitimate. In this case, it is.
- http://microsoft.com/secure/file.txt Legitimate
- As you can see, it’s starting to get confusing, but if the first part (the domain) “microsoft.com” is good, then the “/” simply indicates a folder on the web server. In this case, a file called file.txt in the folder secure. This is also legitimate.
- http://rnicrosoft.com/file.txt Not Legitimate
- This example, if you have time to read it, it might be clear that instead of the letter “m“, we’ve replaced it with “rn“, which can potentially look like an “m“. If you had time to read this link, then you most likely answered correctly. Remember, hackers count on you not thinking critically. If you were rushed or thinking emotionally, you might have missed this. This is not a legitimate link.
- http://microsoft-securitycenter.com Not Legitimate
- Similar to #2 above, we’re using a “–” symbol here. Likewise, this is a domain that can be registered by anyone. In fact, I (Secure Guard Consulting) own this domain. It is not a legitimate link.
http versus https
One of the items to notice on each link above is at the beginning of each link, you see either http or https. http stands for hypertext transfer protocol. Without getting into too much detail, this is simply the protocol used to deliver websites to you (the end user). The difference between http and https is that the https (with the “s” on the end) indicates that communication between the web host and you is encrypted. Although both are legitimate, you should only provide sensitive information (e.g., credit cards, passwords, etc.) on websites that use https (with the “s”).
Was that easy? Analyzing Links is Highly Error Prone
Was analyzing each of the above links easy or hard? Whether your answer is easy or hard, it really doesn’t matter. Why? Because if you’re not thinking critically, which is what any analysis involves, it’s always going to be hard. Even if you are thinking critically, it’s hard to analyze web links. But good hackers take this option away using emotion.
By generating emotion (e.g., urgency, panic, fear, greed, curiosity, empathy, sympathy, etc.), a hacker will reduce your ability to think critically, making any analysis next to impossible by even the most seasoned IT professionals.
The Answer that Works
The answer – focus on emotion. If the email is generating any of the emotions we’ve discussed, the wisest possible action to take is to delete the email. If it’s asking you to take action, go to the browser and navigate directly to the website and continue. Do NOT click the link. We would put hackers almost out of business by simply learning to not take action based on the emotions we’ve discussed.
Always Remember
Remember, emotion will reduce your ability to think critically and cause mistakes. Understand yourself and learn to recognize the warning signs or when you’re feeling emotion based on an email.
Next Blog
In our next blog, we’ll discuss one of the theories (which we subscribe to) of why emotion causes us to not think critically.
Author
This article was written by Kaushal Kothari, President of Secure Guard Consulting, LLC, a cybersecurity / IT audit and consulting company. Kaushal is a former FDIC IT examination analyst and certified ethical hacker with 15+ years of experience in the technology field.